FreeBSD's bundled unbound answers SERVFAIL

Ralph Dolmans ralph at nlnetlabs.nl
Thu Feb 20 14:44:03 UTC 2020


Hi,

This sounds like the name server you are forwarding to is unreachable
sometimes, and marked in Unbound as such. Unbound stores this
information in its infra cache; the TTL for this cache is 15 minutes by
default.

Besides looking into the issue of the unreachable upstream, you could
consider lowering the infra cache TTL using infra-host-ttl. Flushing the
infra cache using unbound-control flush_infra should also make it work
again.

-- Ralph

On 20-02-2020 14:54, Wolfgang Zenker via Unbound-users wrote:
> Hello,
> 
> a few things we learned in the last couple of days:
> - the actual "live time" for these SERVFAIL answers is somewhere
>   between 12 and 30 minutes, probably 15 minutes. After that unbound
>   "magically" works again.
> - "unbound-control flush ." fixes it most of the time, but not always.
>   Sometimes only stopping and starting unbound restores operation
>   immediately.
> - we forward requests to a Bind nameserver via IPv6. Restarting that
>   nameserver or flushing its cache does not result in unbound working
>   again.
> - dumping the unbound cache during failure works and the result looks
>   like a normal cache dump, frequently holding the entries that we just
>   looked for but got SERVFAIL (and will get SERVFAIL again when asking
>   for them during the "failure livetime").
> 
> Any ideas, known problems, etc?
> 
> Regards,
> Wolfgang Zenker
> 
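
Added example, not part of the thread or of Unbound itself: a way to confirm the infra-cache diagnosis above by reading `unbound-control dump_infra` output and listing upstreams that are currently backed off, with the matching `flush_infra` command for each. The sample lines are constructed, and both the line layout and the 120000 ms back-off ceiling are assumptions about Unbound's behaviour, not values from the thread.

```shell
#!/bin/sh
# Assumption: an infra entry whose "rto" has reached this value (ms) is
# treated by Unbound as unreachable until its TTL (infra-host-ttl) expires.
RTO_BLOCKED=120000

# Constructed sample of dump_infra output (documentation address ranges).
# Assumed layout: "<ip> <zone> ttl <sec> ... rto <ms> ..." or, for an
# expired entry, "<ip> <zone> expired rto <ms>".
sample_infra() {
cat <<'EOF'
2001:db8::53 . ttl 412 ping 0 var 94 rtt 376 rto 120000 tA 0 tAAAA 0 tother 0 ednsknown 0 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0
192.0.2.53 . ttl 880 ping 12 var 20 rtt 92 rto 92 tA 0 tAAAA 0 tother 0 ednsknown 1 edns 0 delay 0 lame dnssec 0 rec 0 A 0 other 0
2001:db8::54 . expired rto 120000
EOF
}

# Reads dump_infra text on stdin and prints "<ip> <seconds-left>" for every
# host that is still inside its TTL and has hit the back-off ceiling.
blocked_upstreams() {
    awk -v top="$RTO_BLOCKED" '{
        ttl = ""; rto = ""
        for (i = 3; i < NF; i++) {
            if ($i == "ttl") ttl = $(i + 1)
            if ($i == "rto") rto = $(i + 1)
        }
        # Expired entries carry no ttl and no longer block queries: skip.
        if (ttl != "" && rto != "" && rto + 0 >= top + 0) print $1, ttl
    }'
}

# Turns the blocked list into per-host flush commands for review.
flush_commands() {
    blocked_upstreams | while read -r ip ttl; do
        echo "unbound-control flush_infra $ip"
    done
}

# Demo on the constructed sample; on a live resolver use:
#   unbound-control dump_infra | blocked_upstreams
sample_infra | blocked_upstreams
```

The seconds-left column shows how long SERVFAIL would persist without a flush, which is what a lower `infra-host-ttl` shortens.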

